test(token): native shielded token integration suite#650
Draft
0xisk wants to merge 3 commits into
Draft
Conversation
Optional on-chain supply accounting for the native shielded token, stacked on the core PR. Adds NativeShieldedTokenSupply (scalar) and NativeShieldedTokenFamilySupply (per-domain) over a shared NativeShieldedTokenSupplyCore, plus per-module mocks, simulators, and unit suites. * _addMinted / _addBurned building blocks, paired by the consumer with the matching mint and burn ops; totalMinted / totalBurned / totalSupply getters * _addBurned enforces burned <= minted: a readable error that also makes the add overflow and the totalSupply subtraction underflow unreachable * UINT128_MAX comes from Utils
Optional derived coin nonces for native shielded token mints, stacked on the core PR, so callers need not manage nonces themselves. * counter-only: owns a monotonic _counter and derives evolveNonce(_counter, tag) in a single hash; unique via the counter, namespaced by the fixed tag, no seed and no init * deterministic and recipient-public by design; for recipient privacy use the base _mint with a secret random nonce * standalone mock, simulator, and unit suite (imports no token module)
Add the live-node integration suite for the native shielded token, stacked on the supply and derived-nonce extension PRs. One deployable (NativeShieldedTokenV1) composes the Fungible token with both extensions and is driven through the full prove -> verify -> apply loop against the local stack (proof-server + indexer + node via `make env-up`). * harness: testkit-free wallet/provider stack over the wallet-sdk, deploy + Zswap-effects decoders, a process-shared wallet pool * specs: smoke, mint (both nonce paths), burn revert guards, supply accounting, shieldedMints reconstruction, recipient (un)linkability, duplicate-commitment rejection, unrestricted issuance * read metadata / initialization / supply totals through circuits: the refactored modules keep that state behind prefixed core imports, so only the directly-declared _domain and derived-nonce _counter surface on the typed ledger * deps: @midnight-ntwrk midnight-js, wallet-sdk, ledger-v8, compact-js plus @scure/bip39 and pino (devDependencies) * scripts: compact:integration:net and test:integration:net The live run needs `yarn install` and a local Midnight node.
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
8 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Types of changes
Fixes #??? — N/A, no tracking issue. See Relationship to other PRs below.
Adds the live-node integration suite for the native shielded token, together with
the two extensions it exercises. The standard's defining behaviors are
protocol-level (Zswap spend paths, color derivation, recipient privacy, coin
conservation, out-of-band delivery). A
--skip-zksimulator cannot prove them;the integration suite on the local stack is where the standard is actually
verified through the full prove → verify → apply loop.
What's here
NativeShieldedTokenSupply(scalar) andNativeShieldedTokenFamilySupply(per-domain) over a sharedNativeShieldedTokenSupplyCore, plus mocks, simulators, unit + property suites.NativeShieldedTokenDerivedNonce: counter-onlyderived coin nonces so callers need not manage nonces themselves; mock,
simulator, unit suite.
NativeShieldedTokenV1) composing theFungible token with both extensions, driven against the local stack
(proof-server + indexer + node via
make env-up):Zswap-effects decoders, a process-shared wallet pool;
shieldedMintsreconstruction, recipient (un)linkability, duplicate-commitmentrejection, unrestricted issuance;
@scure/bip39, pino) andcompact:integration:net/test:integration:netscripts.
The network suite lives under
test/integration/specs/nativeShieldedToken/**andruns via
test:integration:net. It is excluded from the defaulttest:integration(simulator) config, so it does not affect the existingintegration job.
Relationship to other PRs
This branch was rebased onto current
main. The base standard (NativeShieldedTokencore) is already on
mainvia #621. The supply and derived-nonce extensionsources are also proposed independently in #638 and #639 respectively; the
integration mock imports them, so they are carried here as prerequisites until
those land. Once #638/#639 merge, this branch rebases down to the integration
commit alone.
Verified locally
compact compile(SKIP_ZK) of all token sources, extensions, mocks, and theNativeShieldedTokenV1integration mock — clean against the currentmaincore.tsc --noEmit— clean.biome checkon all changed files — clean.Not run in this environment:
vitestexecution (unit + network). The unitsuites run under CI's
testjob. The network suite needsyarn install(the newSDK deps) and a live local stack (
make env-up); it is verified by runningtest:integration:netlocally.Out of scope (documented, not built)
Burn happy-paths, treasury Merkle spend, round-trip, and bypass-burn specs share
one root cause — the testkit-free wallet cannot yet import/spend a
contract-minted coin (no coin ciphertext is emitted; the facade has no coin-import
hook). Revert guards for these paths are covered. The unblock is a
coin-injecting shielded wallet supplied to
WalletFacade.init.PR Checklist
Further comments
Opened as a draft: it carries the unmerged #638/#639 extension work, and the
network suite cannot go green in CI without the live stack. Mark ready once the
extension PRs land and the branch is rebased down to the integration commit.